diff --git a/modules/nixos/services/binary-cache/default.nix b/modules/nixos/services/binary-cache/default.nix
index 88c3ac8..eac6e7e 100644
--- a/modules/nixos/services/binary-cache/default.nix
+++ b/modules/nixos/services/binary-cache/default.nix
@@ -10,25 +10,25 @@ in
 enable = lib.mkOption {
 type = with lib.types; uniq bool;
 default = false;
- description = "Enable minecraft server";
+ description = "Enable Preconfigured Binary-Cache";
 };
 };
 config = lib.mkIf cfg.enable {
 services.nix-serve = {
 enable = true;
- secretKeyFile = "/var/secrets/cache-games01-private-key.pem";
- bindAddress = "cache.game01.kb-one.de";
+ secretKeyFile = "/var/secrets/cache-game01-private-key.pem";
 };
 # Configure Reverse-Proxy
 services.traefik-proxy.enable = true;
- services.traefik.staticConfigOptions = {
+ services.traefik.dynamicConfigOptions = {
+ http.services.nix-cache.loadBalancer.servers = [ { url = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}/"; } ];
 http.routers.nix-cache.entrypoints = "websecure";
+ # http.routers.nix-cache.tls = true;
 http.routers.nix-cache.tls.certresolver = "letsencrypt";
- http.routers.nix-cache.rule = "Host(`${config.services.nix-serve.bindAddress}`)";
+ http.routers.nix-cache.rule = "Host(`cache.game01.kb-one.de`)";
 http.routers.nix-cache.service = "nix-cache";
- services.nix-cache.loadBalancer.servers = [ { url = "http://localhost:${toString config.services.nix-serve.port}/"; } ];
 };
 };
diff --git a/modules/nixos/services/traefik-proxy/default.nix b/modules/nixos/services/traefik-proxy/default.nix
index 5a91905..584d694 100644
--- a/modules/nixos/services/traefik-proxy/default.nix
+++ b/modules/nixos/services/traefik-proxy/default.nix
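Review bot: In modules/nixos/services/binary-cache/default.nix, `services.nix-serve` no longer sets `bindAddress`, so the listener falls back to the module default, which upstream is, as far as I know, `0.0.0.0`; nix-serve would then listen on every interface and the new load-balancer URL would interpolate to that wildcard address instead of the previous `localhost`. Since Traefik is the intended front door, pin the backend to loopback with `bindAddress = "127.0.0.1";` inside `services.nix-serve`, which also makes the interpolated URL resolve to loopback. The commented-out `# http.routers.nix-cache.tls = true;` can be dropped, because the `tls.certresolver` line below it already turns TLS on for the router. The `config` block starts before the hunk.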
@@ -18,23 +18,24 @@ in
 services.traefik = {
 enable = true;
 staticConfigOptions = {
- entryPoints.web.address = ":80";
- entryPoints.websecure.address = ":443";
+ entryPoints = {
+ web = {
+ address = ":80";
+ asDefault = true;
+ http.redirections.entrypoint = {
+ to = "websecure";
+ scheme = "https";
+ };
+ };
+ websecure = {
+ address = ":443";
+ asDefault = true;
+ http.tls.certResolver = "letsencrypt";
+ };
+ };
 };
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # Enable Secure Dashboard
- services.traefik.staticConfigOptions.api = {};
- services.traefik.staticConfigOptions = {
- http.routers.dashboard.entrypoints = "websecure";
- http.routers.dashboard.tls.certResolver = "letsencrypt";
- http.routers.dashboard.rule = "Host(`game01.kb-one.de`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
- http.routers.dashboard.service = "api@internal";
- # TODO: Set Basicauth via SOPS
- # http.routers.dashboard.middlewares = "auth";
- # http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW";
- };
 # Configure Letsencrypt
 services.traefik.staticConfigOptions = {
diff --git a/systems/x86_64-linux/kb-games-01/default.nix b/systems/x86_64-linux/kb-games-01/default.nix
index 6df58af..6db1abe 100644
--- a/systems/x86_64-linux/kb-games-01/default.nix
+++ b/systems/x86_64-linux/kb-games-01/default.nix
@@ -36,6 +36,7 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS3DoQe/4TtdTLD/Fl41rTjE0n5MyFMl59VGVejcskO kb voloxo"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpN/3esM0SFLJ2guCBOYX8IdBC+jUiMF+xPYkTEuzbe kb-work yerukall"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN1LWMOfFtRKkSLIA/XTj3KYm7OG2bjqEmGXj0gmDc7 kb@LoyAdjo"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7W8FUUvM8rUGK6qV3XOIxR0y/pdyo9z5HZNzOADs5+ kb@Rubtrm"
 ];
 isNormalUser = true;
 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
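Review bot: In modules/nixos/services/traefik-proxy/default.nix, `asDefault = true` on the `web` entry point makes plain HTTP a default entry point for every router that does not name its own `entrypoints`, which is only safe while the redirection block beside it stays in place. Dropping `asDefault` from `web` and keeping it on `websecure` alone makes such routers TLS-only by construction. Separately, the removed dashboard comment carried a bcrypt hash for the `master` user that remains in the repository history, so that password should not be reused when basic auth is reintroduced via SOPS. The enclosing module body starts and ends outside the hunk.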
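Review bot: In systems/x86_64-linux/kb-games-01/default.nix, the added key `kb@Rubtrm` grants login to an account that `extraGroups = [ "wheel" ]` makes sudo-capable, yet nothing in the list records who owns each key or when it was added. A trailing comment per entry, for example `# <owner>, <device>, added <date>`, would make later audits and revocation straightforward. The user definition starts outside the hunk, so whether sudo asks for a password is not visible here.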
@@ -71,16 +72,16 @@
 # Minecraft Servers
 services.minecraft = {
- enable = true;
+ enable = false;
 servers.velocity.enable = true;
 servers.survival.enable = true;
 };
 # Forgejo Runner
- services.forgejo-runner.enable = true;
+ services.forgejo-runner.enable = false;
 # Binary Cache
- # services.binary-cache.enable = true;
+ services.binary-cache.enable = true;
 # Do NOT change this value
 system.stateVersion = "24.05"; # Did you read the comment?
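Review bot: Turning on `services.binary-cache.enable` publishes this host's Nix store through the `nix-cache` router, and that router (in modules/nixos/services/binary-cache/default.nix) carries only a `Host` rule with no middleware, so presumably anyone who can reach the hostname can fetch any store path whose hash they know. A comment above the line, such as `# Public, unauthenticated cache: keep secrets out of /nix/store`, would record that constraint for whoever adds the next service to this host. Also, `servers.velocity.enable` and `servers.survival.enable` stay `true` under `enable = false`; if the parent switch is meant to gate them, a short comment saying so avoids confusion.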